[Dshield] Veritas Backup Exec Windows Agent Remote File Access Exploit
frank at knobbe.us
Sat Aug 13 00:10:21 GMT 2005
On Fri, 2005-08-12 at 18:49 -0500, Frank Knobbe wrote:
> I mean,
> if you are authenticated and authorized to BACKUP using the hard coded
> root account, aren't you also able to RESTORE data to the server?
Let me just answer myself. According to
there is a DATA_START_RECOVER request. So the exploit (which only uses
DATA_START_DUMP) could be easily rewritten to RESTORE files to the
I leave the creation of an upload exploit script as an exercise to the
Better get patching before the pubstros are RESTORED onto the boxes!
Ciscogate: Shame on Cisco. Double-Shame on ISS.